VTA-00443 – MalwareUrgent Patch Released by Apple to Address Zero-Day Vulnerability Affecting iOS, iPadOS, macOS, and Safari
Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day vulnerability, labeled as CVE-2023-37450, which has been actively exploited in the wild. The bug, found in WebKit, could potentially allow threat actors to execute arbitrary code by manipulating web content. The company has improved checks to mitigate the issue. The researcher who discovered and reported the flaw remains anonymous, and details about the attacks and the identity of the threat actor behind them are limited. However, Apple acknowledged the possibility of active exploitation in a brief advisory.
The updates, namely iOS 16.5.1 (a), iPadOS 16.5.1 (a), macOS Ventura 13.4.1 (a), and Safari 16.5.2, are available for various operating system versions, including iOS, iPadOS, macOS Ventura, macOS Big Sur, and macOS Monterey. This release follows Apple’s efforts to address 10 zero-day vulnerabilities in its software since the beginning of 2023. It also comes after previous patches were deployed to fix three zero-days, two of which were exploited in an espionage campaign known as Operation Triangulation.
However, Apple has temporarily withdrawn the software update after reports surfaced that installing the patches caused certain websites like Facebook, Instagram, and Zoom to display an “Unsupported Browser” error on Safari.
Severity:
Medium
Attack Surfaces:
Endpoint OS, Mobile OS, Web Browser
Tactics:
Execution, Impact, Privilege Escalation
Techniques:
Exploitation for Privilege Escalation, Resource Hijacking, Command and Scripting Interpreter
References:
https://support.apple.com/en-us/HT213823 ,
https://support.apple.com/en-us/HT213825 ,
https://support.apple.com/en-us/HT213826 ,
SuperPRO’s Threat Countermeasures Procedures:
1. Ensure that all affected devices, including iOS, iPadOS, macOS, and Safari, are updated to the latest versions available.
2. Enable the automatic update feature on your devices to receive important security patches and updates automatically.
3. Exercise caution when accessing unfamiliar websites and interacting with suspicious links, particularly those originating from unknown or suspicious sources.
4. Consider utilizing reputable security software or antivirus applications on your devices as an additional measure to enhance protection against potential threats.
5. It is highly recommended to regularly back up your crucial data to a secure location.
Contributed by: Wan
Leave a Reply